CVE-2025-11625 CRITICAL

CVE-2025-11625: Host verification bypass and credential leak

Vendor Wolfssl
Product wolfSSH
Weakness CWE-287 · Improper authentication
Published October 21, 2025
Last update January 6, 2026

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/U:Red

What the vulnerability does

01Description

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.

Key dates

02Disclosure timeline

October 21, 2025 CVE published
January 6, 2026 Record updated